Search form

HOW TO: Endanger Your Child

HOW TO: Endanger Your Child

It wasn't long ago that alarmed parents had to force administrators in a Northern California school to stop tagging their children with RFID-embedded IDs. The IDs, placards that hung from the neck with the childrens' names emblazened on the front, would also have allowed anyone with a compatible scanner to secretly gather additional personal details. That's right -- anyone could pick up this information, even potentially a sexual predator. The school's rationale? The placards would help with taking attendance and "improve school safety."

Now, as Edward Felten reports, the state of Michigan has created an email registry that's supposed to stop your child from receiving harmful email -- that is, spam for products that kids aren't allowed to buy or be exposed to, like pornography or alcohol. Only what it really does is help spammers and online predators determine whether your child is indeed a child (emphasis, mine):

What [should bother Michigan] is the possibility that unscrupulous emailers will use the list as a source of addresses to target with spam. In the worst case, signing up for the list could make your spam problem worse, not better.

The Michigan system doesn't just give the list to emailers — that would be a disaster — but instead provides a service that allows emailers to upload their mailing lists to a state-run server that sends the list back after removing any registered addresses. (Emailers who are sufficiently trusted by the state can apparently get a list of hashed addresses, allowing them to scrub their own lists.)

The problem is that an emailer can compare his initial list against the scrubbed version. Any address that is on the former but not the latter must be the address of a registered kid. By this trick the emailer can build a list of kids' email addresses. The state may outlaw this, but it seems hard to stop it from happening, especially because the state appears to require emailers everywhere in the world to scrub their lists.

If I lived in Michigan, I wouldn't register my kid's address.

Most of the media coverage of the Michigan registry appears positive, with only a few articles including a short note of caution -- for example, the single sentence, "Some Internet safety experts have said anti-spam laws have been difficult to enforce and others worry the lists will give hackers a way to get access to a large database of children."

It's not enough. If you care about childrens' safety, we encourage you to pass this post along and explain to parents that voluntarily contributing to a database that identifies children on the Internet is a bad idea.

We'll shortly have more on the law behind the registry and related developments; stay tuned.

Update (July 13): Professor Felten has published a follow-up post with additional information on how the registry works -- in particular, exploring how charging emailers a fee to screen addresses against the list affects the registry's function.

Related Updates

The full weight of U.S. policing has descended upon protesters across the country as people take to the streets to denounce the police killings of Breonna Taylor, George Floyd, and countless others who have been subjected to police violence. Along with riot shields, tear gas, and other crowd control...

Your phone is your life. It’s where you communicate, get your news, take pictures and videos of your loved ones, relax and play games, and find a significant other. It can track your health, give you directions, remind you of events, and much more. It’s an incredibly helpful tool, but...

EFF has joined a broad coalition of civil liberties, civil rights, and labor advocates to oppose A.B. 2261, which threatens to normalize the increased use of face surveillance of Californians where they live and work. Our allies include the ACLU of California, Oakland Privacy, the California Employment Lawyers Association, Service...

In the wake of nationwide protests against the police killings of George Floyd and Breonna Taylor, we urge protestors to stay safe, both physically and digitally. Our Surveillance Self Defense (SSD) Guide on attending a protest offers practical tips on how to maintain your privacy and minimize your digital...

With states beginning to ease shelter-in-place restrictions, the conversation on COVID-19 has turned to questions of when and how we can return to work, take kids to school, or plan air travel.Several countries and U.S. states, including the UK, Italy, Chile, Germany, and California, have expressed interest in...

When it comes to surveillance of our online lives, Internet service providers (ISPs) are some of the worst offenders. Last year, the state of Maine passed a law targeted at the harms ISPs do to their customers when they use and sell their personal information. Now that law is...

COVID-19, and containment efforts that rely on personal data, are shining a spotlight on a longstanding problem: our nation’s lack of sufficient laws to protect data privacy. Two bills before Congress attempt to solve this problem as to COVID-19 data. One is a good start that needs improvements. The other...

In a landmark decision, the German Constitutional Court has ruled that mass surveillance of telecommunications outside of Germany conducted on foreign nationals is unconstitutional. Thanks to the chief legal counsel, Gesellschaft für Freiheitsrechte (GFF), this a major victory for global civil liberties, but especially those that live and...